Math & date: ruby & logstash

garanews · March 31, 2016, 1:33pm

Hello,
I have some log files that have rows like this:

station1 on 15387 15646 130 Y

Values are separated by tab

With logstash I would transform the first_seen and last_seen in timestamp, because they are the number of days after 1/1/1970
So basically I should just multiply by 86400 to have seconds and then use the logstash date funcion.
The code below is not doing what I am expecting

                    if [type] == "test_log" {

             csv {
                            separator => "  "
                            columns => [ "client", "status", "first_seen", "last_seen", "times_seen", valid" ]
                            }

if [first_seen] != "-" {
ruby
{ code => "event['first_seen'] = event['first_seen'].to_f * 86400"}
date {
match => [ "first_seen", "UNIX" ]
}
}

if [ast_seen] != "-" {
ruby
{ code => "event['last_seen'] = event['last_seen'].to_f * 86400"}
date {
match => [ "last_seen", "UNIX" ]
}
}

It seems that out of ruby code the variable is not set and in the logstash.log I have errors like "the - is not valid unix time" repeated for milion of times.

Can you please give me an hint?
Thanks in advance

kirill_polishchuk · March 31, 2016, 5:09pm

You should try convert to integer, instead of to float:
ruby
{ code => "event['last_seen'] = event['last_seen'].to_i* 86400"}

when float you are getting epoch date like: 1329436800.0 ( epoch date with comma - is not well formatted date)

garanews · April 1, 2016, 10:28am

I did but nothing changed...

garanews · April 8, 2016, 7:05am

any other suggestion?
Thanks

Topic		Replies	Views
Date parsing issue Logstash	6	186	December 16, 2022
New to elk and need assistance with a ruby re-write Logstash	2	438	November 7, 2017
Date parsing problems Logstash	5	255	June 17, 2019
Find the number between two dates using ruby Logstash	8	696	July 6, 2017
Timestamp difference calculation Logstash	6	7113	December 6, 2017

Math & date: ruby & logstash

Related Topics